Four US seaports and one international

Transcription

1 Main Focus US ports set sail for ISO/PAS by Faith Leavitt, FLW Enterprises, Inc. Principal with the Global Environment & Technology Foundation (GETF), Stephen R. Wassersug, Vice President of FLW Enterprises, Inc., Principal with GETF. Four US seaports one international airport have joined forces in a unique cost-share consortium to develop a security management system (SMS) based on a new ISO publicly available specification for the security of the supply chain, ISO/PAS This ground-breaking programme is the first of its kind to field-test the new security specification report on its organizational benefits. ISO/PAS 28000:2005, Specification for security management systems for the supply chain, integrates the risk management approach of ISO 14001:2004. Seaports airports have a complex array of operations that they manage on a 24-hour basis, these multiple responsibilities quite naturally follow a systems-based management approach. The good news is ports airports can easily integrate a security management system into existing supply chain operations. Just as ports have effectively utilized ISO s environmental management system, this system offers ports a realistic cost-effective manner to manage their specific security needs. For that reason, ISO/PAS with its Plan-Do- Check-Act (PDCA) methodology is a compelling tool for any organization, whether large or small, to have in its security toolbox. The American Association of Port Authorities (AAPA) 1) the Global Environment Technolo- 18 ISO Focus July/August 2006 gy Foundation (GETF) 2) partnered to support the programme to provide programme design technical assistance to the participants. Using environmental management for inspiration The idea for the current SMS initiative got its start more than two years ago when AAPA, GETF the US Environmental Protection Agency sponsored an environmental management system (EMS) assistance programme for ports involving 11 seaports 3). Before ISO/PAS appeared, one of the 11, the Port of Houston, who came to 1) The American Association of Port Authorities (AAPA) is an alliance of leading ports in the Western Hemisphere that protects advances the common interests of its diverse membership of public port authorities from throughout the Western Hemisphere as they connect their communities with the global transportation system. 2) The Global Environment Technology Foundation (GETF) is a not-for-profit organization that provides EMS training support to public entities, manages the National Public Entity EMS Resource (PEER) Center, a national EMS clearinghouse ( made possible through a cooperative agreement with the US Environmental Protection Agency EMS Programmes at 3) See for the Ports EMS Assistance Programme Final Report.

2 Maritime security The technical assistance strategy model includes the following elements : Intensive training A two--a-half day workshop begins each phase prepares attendees to train lead their SMS teams through each of the requirements in ISO/PAS Hs-on activities Document samples Individual team work sessions Site visits Individualized training technical assistance SMS document preparation assistance Internal desk field audits Troubleshooting Verifying closure of nonconformances Monthly all hs conference calls Participant-generated agenda Information sharing : lessons learned keys to success Opportunities for collegial discussion mentoring Bi-weekly individual technical assistance calls Accomplishing implementation milestones Developing SMS documentation Addressing resolving barriers Electronic access to information A password protected Intranet site facilitates communication document/data sharing (where security requirements permit) Information posting : training manuals, security articles, etc. the programme with a certification to ISO 14001:2004, wanted to build a security management system on the EMS platform. Russell Whitmarsh, POHA s Chief of Police remarked, We developed a security management system based on ISO 14001: The PDCA model has already verified that we are in compliance with security requirements, provided us with organizational structure responsibility for more efficient use of resources. It has also provided an ongoing process to monitor measure key security parameters, guided us to reallocate resources to highest security priorities. At the completion of the environmental management system initiative, a number of ports wanted assistance in implementing an SMS using a field-tested proven plan, the current SMS consortium was formed. Faith Leavitt, who assisted Port of Houston in SMS development, who provides technical assistance to the current participants, says, As the country s gatekeepers, ports already incorporate security management as part of everyday business. Their need is not only to manage existing security risks, but also to institutionalize systematic processes that manage where possible eliminate those risks. The security management system offers ports a system to manage their specific security needs in a realistic cost-effective manner. ISO/PAS s proven PDCA model systems approach allow ports to identify vulnerabilities, establish action plans, implement continuous monitoring measuring, benefit from continual improvement opportunities all in coordination with the organization s strategic objectives legal requirements. She adds, the SMS helps ports allocate human financial resources more appropriately, confirms that they are addressing the what if scenarios that are today s post 9-11 realities. In the spring of 2005, AAPA surveyed the ports community validated the need timeliness of an SMS initiative 4). AAPA provided resources to defray some start-up costs, helped GETF develop a concept scope for the programme, participated in the applicant evaluation process. A competitive selection process The number of participants had to be limited to provide optimal training technical assistance, so the selection process was a competitive one. Lessons learned in four previous management system initiatives involving multiple organizations using a consistent implementation plan schedule helped GETF AAPA develop selection criteria, which included : Top management commitment, involvement visibility Sufficient resources to complete the project A plan to obtain employee support participation Information technology capabilities for participants to exchange information electronically Agreement to collect information make it available quarterly about SMS implementation costs 4) Ibid. ISO Focus July/August

3 Programme description Main Focus Phase 1 Plan Phase 2 Do Phase 3 Do Phase 4 Check act Final Meeting Previous process management system knowledge/experience (e.g. quality systems or EMS). Interested port authorities submitted a letter of application to AAPA GETF, signed by the port director containing the following information : a brief description of the port authority, its management structure activities the name of the management representative a description of how the project manager intends to work with the relevant port departments in developing implementing the SMS a preliminary indication of the fenceline (e.g. geographic operational boundaries) for the SMS a description of the reasons the port wishes to participate some of the benefits it hopes to realize a clear assurance that top management will provide the necessary visibility, staff time resources to successfully develop implement the SMS. March-Sept Establishing the programme Defining documenting the scope Organizational goal Programme leadership Policy Risks/threats Legal other requirements Evaluation compliance Audit find fix Management Create/manage documents records Sept.-April 2007 Managing risks Resources, roles, responsibilities authorities Operational controls Competence, training awareness Communication Documentation Control of documents records Emergency preparadness response Audit management April-Sept Performance improvement Objectives, targets programmes Audit nonconformities corrective actions Management SMS manual Sept.-March 2008 Verifying the system Monitoring measurements Internal audit Preventive actions Management March 2008 Outreach information Qualitative quantitative benefits Barriers Keys to success Lessons learned Case studies Final report Figure 1. The SMS Assistance Programme is an 18-month, four-phased implementation plan. About the authors Faith Leavitt is FLW Enterprises, Inc. a principal with Global Environment Technology Foundation (GETF). She designs environmental security management system tools implementation strategies provides training technical assistance to industry, government entities, seaports, small medium-sized businesses as they develop implement process management systems based on ISO 14001:2004 (fleavitt@earthvision.net). 20 ISO Focus July/August 2006 Stephen R. Wassersug, Vice FLW Enterprises, Inc., is past GETF. After a 27-year career with the US Environmental Protection Agency as a Senior Executive, Steve served as the Programme Director of the Regional Environmental Center for Central Eastern Europe in Budapest, Hungary, from He currently provides services to US federal state agencies industry in innovative environmental technology application, facilitation remediation, community-based environmental security management systems (steve.wassersug@getf.org). GETF AAPA scheduled interviews with individual applicants to discuss in detail the information contained in the application letter. AAPA announced the roster of participants selected for the SMS assistance programme the kick-off workshop, hosted by one of the participants, was scheduled. Participants equally share the costs for the workshops, mentoring, coaching, auditing, technical assistance (provided by GETF) during the term of the programme, in order to leverage best practices to achieve economies of scale among the community. What s expected of participating ports? management commitment, visibility involvement

4 Maritime security designation of a security management representative SMS leadership teams assignment of resources to attend project workshops undertake port-based SMS activities adoption of measurable performance objectives targets communication information sharing with local stakeholders, regulatory agencies other seaports as security considerations allow. Security management system assistance programme The SMS assistance programme is an 18-month, four-phased implementation plan described in Figure 1 (opposite). The development implementation plan the technical assistance strategy model is the one used in the first ports initiative, improved with lessons learned suggestions from past participants. Over the past 10 years, GETF has field-tested continually improved the model with more than 50 US organizations 5) who have implemented process management systems for quality, environment, safety health security (see box on page 19). As the country s gatekeepers, ports already incorporate security management as part of everyday business. Each quarter, participants track report the number of hours costs expended in the SMS development implementation in that phase of activity. They also report benefits, barriers keys to success, other information of interest to the group to the AAPA. At the time of this writing, participants are completing phase one milestones. In order to ensure that the management system gets off the security management representative s desk moves from development to implementation, each organization conducts an internal audit management of the milestones in the current phase before moving on to the next. As a result, the programme stays reasonably on track on time, management is better able to align the programme goals with the organization s strategic mission. Additionally, nonconformances, corrective preventive actions are tracked closed throughout the process. At the completion of the 18- month programme, a final report will aggregate the data that will be publicly available at on the AAPA Web site. The added value of participating Greater effort in an existing framework is not always the answer While each port had its individual reasons for wanting an ISO/ PAS based security management system, the following goals were common : provide a safe work place for all employees customers through the implementation of effective security measures implement security measures to enhance supply chain safety effectiveness downstream upstream full employee involvement in implementation, awareness acceptance of security measures empowered high performance security teams customers vendors underst their unique roles in the security safety of the port facilities, staff their own well-being save money improve confidence in security management participate in a think tank about security management with other ports in the programme formalize how to measure success in security management 5) ISO Focus July/August

5 Main Focus demonstrate that we are successful security managers promote public confidence ensure regulatory compliance enhance business value promote positive media coverage reporting streamline consolidate security in operating areas wherever possible. Expected benefits Remove Redundancy Save money Improved Operational Controls corrective preventive actions close gaps produce low hanging fruit 6) benefits minimizes/manages risk (money saved, avoided) from actual/potential security mishaps promotes strong public image of security consciousness competence minimizes employee succession issues leverages best management practices Credibility public image Emergency Response Regulatory Compliance Improve relationships with contractors tenants A need to know security mentality makes it hard for employees outside of the security staff to have a role in the SMS Security police forces are often under separate management (two sets operational controls, two sets documentation/records) not accustomed to sharing information Burgeoning regulations. Security staffs are concerned about one more set of requirements to complete Communication channels are often lacking between operational security staffs Focus on the Maritime Transportation Security Act requirements with no understing of how ISO/PAS supports compliance Ports are half of the supply chain what about global trading partners? Cuts in staff who will complete the SMS activities will there be sufficient funding? There are a multitude of benefits expected from the use of ISO/PAS including : a compliance-focused system is critical with newly promulgated laws regulations helps track accountability progress for millions in security grant funding facilitates consistency, reduces redundancy inefficiency among security forces improves verifies management confidence models leadership in the industry aligns resources to priority vulnerabilities security awareness improves, more staff are watchdogs improves clarity about security roles responsibilities 22 ISO Focus July/August 2006 minimizes communication barriers between police security forces operational staff regular analysis of vulnerabilities keeps assessments current management programmes responsive to emerging threats participate in the validation process of ISO/PAS Expected challenges The ports in the SMS assistance programme look forward to the benefits the SMS will bring them, but they are realistic. They accept that organizational change will bring some of the following challenges : buy-in from managers who are unfamiliar with the process approach or the benefits it offers union concerns if stard operating procedures are changed Next steps A great deal has been achieved so far but much remains to be done: Collect disseminate programme information to ports security sectors to the general ISO community Develop case studies Apply lessons learned to improve the implementation strategy Continue to track costs, benefits, barriers keys to success Attempt to attract global trading partners to be part of the current ISO/PAS implementation experiences Continue to participate in the ISO/ PAS verification process. 6) Low hanging fruit are basically those improvements innovations that can be suggested implemented during the measure phase when they become apparent. It is not necessary to wait for the improve phase for the implementation as it would be an opportunity loss.